CVE-2017-12784

Name of the Vulnerable Software and Affected Versions Youngzsoft CCFile (aka CC File Transfer) version 3.6

Description The issue allows a malicious user to remotely crash the affected software by sending a crafted HTTP request. No authentication is required to exploit this. An example of a malicious payload includes a malformed request header containing many '|' characters.

Recommendations For Youngzsoft CCFile (aka CC File Transfer) version 3.6, consider restricting access to the software until a patch is available to prevent remote crashes. As a temporary workaround, implement filtering to detect and block malformed request headers, especially those containing an excessive number of '|' characters.